Using the Information Security Manual
Executive summary
Purpose
Intended audience
Authority
Legislation and legal considerations
Cyber security principles
Cyber security guidelines
Applying a risk-based approach to cyber security
Using a risk management framework
Define the system
Select controls
Implement controls
Assess controls
Authorise the system
Monitor the system
Further information
Cyber Security Principles
The cyber security principles
Govern principles
Protect principles
- ism-principle-p1
- ism-principle-p2
- ism-principle-p3
- ism-principle-p4
- ism-principle-p5
- ism-principle-p6
- ism-principle-p7
- ism-principle-p8
- ism-principle-p9
- ism-principle-p10
- ism-principle-p11
- ism-principle-p12
- ism-principle-p13
- ism-principle-p14
Detect principles
Respond principles
Guidelines for Cyber Security Roles
Chief Information Security Officer
Providing cyber security leadership and guidance
Overseeing the cyber security program
Coordinating cyber security
Reporting on cyber security
Overseeing incident response activities
Contributing to business continuity and disaster recovery planning
Developing a cyber security communications strategy
Working with suppliers
Receiving and managing a dedicated cyber security budget
Overseeing cyber security personnel
Overseeing cyber security awareness raising
System owners
System ownership and oversight
Protecting systems and their resources
Annual reporting of system security status
Guidelines for Cyber Security Incidents
Managing cyber security incidents
Incident management policy
Cyber security incident register
Trusted insider program
Access to sufficient data sources and tools
Reporting cyber security incidents
Reporting cyber security incidents to the ACSC
Responding to cyber security incidents
Enacting incident response plans
Handling and containing data spills
Handling and containing malicious code infections
Handling and containing intrusions
Maintaining the integrity of evidence
Guidelines for Procurement and Outsourcing
Cyber supply chain risk management
Cyber supply chain risk management activities
Supplier relationship management
Sourcing applications, ICT equipment and services
Delivery of applications, ICT equipment and services
Managed services and cloud services
Managed services
Assessment of managed service providers
Outsourced cloud services
Assessment of outsourced cloud service providers
Contractual security requirements with service providers
Access to systems and data by service providers
Guidelines for Security Documentation
Development and maintenance of security documentation
Cyber security strategy
Approval of security documentation
Maintenance of security documentation
Communication of security documentation
System-specific security documentation
System security plan
Incident response plan
Continuous monitoring plan
Security assessment report
Plan of action and milestones
Guidelines for Physical Security
Facilities and systems
Physical access to systems
Physical access to servers, network devices and cryptographic equipment
Physical access to network devices in public areas
Bringing Radio Frequency and infrared devices into facilities
Preventing observation by unauthorised people
ICT equipment and media
Securing ICT equipment and media
Guidelines for Personnel Security
Cyber security awareness training
Providing cyber security awareness training
Managing and reporting suspicious changes to banking details or payment requests
Reporting suspicious contact via online services
Posting work information to online services
Posting personal information to online services
Sending and receiving files via online services
Access to systems and their resources
System access requirements
User identification
Unprivileged access to systems
Unprivileged access to systems by foreign nationals
Privileged access to systems
- ism-1507
- ism-1733
- ism-1508
- ism-1853
- ism-1175
- ism-1653
- ism-1649
- ism-0445
- ism-1263
- ism-1509
- ism-1651
- ism-1650
- ism-1652
Privileged access to systems by foreign nationals
Suspension of access to systems
Recording authorisation for personnel to access systems
Temporary access to systems
Emergency access to systems
Control of Australian systems
Guidelines for Communications Infrastructure
Cabling infrastructure
Cabling infrastructure standards
Use of fibre-optic cables
Cable register
Floor plan diagrams
Cable labelling processes and procedures
Labelling cables
Labelling building management cables
Labelling cables for foreign systems in Australian facilities
Cable colours
Cable colour non-conformance
Cable inspectability
Common cable bundles and conduits
Common cable reticulation systems
Enclosed cable reticulation systems
Covers for enclosed cable reticulation systems
Sealing cable reticulation systems and conduits
Labelling conduits
Cables in walls
Cables in party walls
Wall penetrations
Wall outlet boxes
Labelling wall outlet boxes
Wall outlet box colours
Wall outlet box covers
Fly lead installation
Connecting cable reticulation systems to cabinets
Terminating cables in cabinets
Terminating cables on patch panels
Physical separation of cabinets and patch panels
Audio secure rooms
Power reticulation
Emanation security
Emanation security threat assessments in Australia
Emanation security threat assessments outside Australia
Early consideration of emanation security threats
Electromagnetic interference/electromagnetic compatibility standards
Guidelines for Communications Systems
Telephone systems
Telephone system usage policy
Personnel awareness
Protecting conversations
Cordless telephone systems
Speakerphones
Off-hook audio protection
Video conferencing and Internet Protocol telephony
Video conferencing and Internet Protocol telephony infrastructure hardening
Video-aware and voice-aware firewalls and proxies
Protecting video conferencing and Internet Protocol telephony traffic
Video conferencing unit and Internet Protocol phone authentication
Traffic separation
Internet Protocol phones in public areas
Microphones and webcams
Denial of service response plan
Fax machines and multifunction devices
Fax machine and multifunction device usage policy
Sending fax messages
Receiving fax messages
Connecting multifunction devices to both networks and digital telephone systems
Authenticating to multifunction devices
Scanning and copying documents on multifunction devices
Auditing multifunction device use
Observing fax machine and multifunction device use
Guidelines for Enterprise Mobility
Mobile device management
Mobile device management policy
ASD-approved platforms
Privately-owned mobile devices
Organisation-owned mobile devices
Storage encryption
Communications encryption
Bluetooth functionality
Maintaining mobile device security
Connecting mobile devices to the internet
Mobile device usage
Mobile device usage policy
Personnel awareness
Paging, message services and messaging apps
Using mobile devices in public spaces
Maintaining control of mobile devices
Mobile device emergency sanitisation processes and procedures
Before travelling overseas with mobile devices
While travelling overseas with mobile devices
After travelling overseas with mobile devices
Guidelines for Evaluated Products
Evaluated product procurement
Evaluated product selection
Delivery of evaluated products
Evaluated product usage
Using evaluated products
Guidelines for ICT Equipment
ICT equipment usage
ICT equipment management policy
ICT equipment selection
Hardening ICT equipment configurations
ICT equipment register
Labelling ICT equipment
Labelling high assurance ICT equipment
Classifying ICT equipment
Handling ICT equipment
ICT equipment maintenance and repairs
Maintenance and repairs of high assurance ICT equipment
On-site maintenance and repairs
Off-site maintenance and repairs
Inspection of ICT equipment following maintenance and repairs
ICT equipment sanitisation and destruction
ICT equipment sanitisation processes and procedures
ICT equipment destruction processes and procedures
Sanitising ICT equipment
Sanitising highly sensitive ICT equipment
Destroying high assurance ICT equipment
Sanitising printers and multifunction devices
Sanitising televisions and computer monitors
Sanitising network devices
Sanitising fax machines
ICT equipment disposal
ICT equipment disposal processes and procedures
Disposal of ICT equipment
Guidelines for Media
Media usage
Media management policy
Removable media usage policy
Removable media register
Labelling media
Classifying media
Reclassifying media
Handling media
Sanitising media before first use
Using media for data transfers
Media sanitisation
Media sanitisation processes and procedures
Volatile media sanitisation
Treatment of volatile media following sanitisation
Non-volatile magnetic media sanitisation
Treatment of non-volatile magnetic media following sanitisation
Non-volatile erasable programmable read-only memory media sanitisation
Non-volatile electrically erasable programmable read-only memory media sanitisation
Treatment of non-volatile erasable and electrically erasable programmable read-only memory media following sanitisation
Non-volatile flash memory media sanitisation
Treatment of non-volatile flash memory media following sanitisation
Media that cannot be successfully sanitised
Media destruction
Media destruction processes and procedures
Media that cannot be sanitised
Media destruction equipment
Media destruction methods
Treatment of media waste particles
Degaussing magnetic media
Supervision of destruction
Supervision of accountable material destruction
Outsourcing media destruction
Media disposal
Media disposal processes and procedures
Disposal of media
Guidelines for System Hardening
Operating system hardening
Operating system selection
Operating system releases and versions
Standard Operating Environments
Hardening operating system configurations
Application management
Application control
- ism-0843
- ism-1490
- ism-1656
- ism-1657
- ism-1658
- ism-0955
- ism-1582
- ism-1471
- ism-1392
- ism-1746
- ism-1544
- ism-1659
- ism-0846
- ism-1660
- ism-1661
- ism-1662
- ism-1663
PowerShell
Host-based Intrusion Prevention System
Software firewall
Antivirus software
Device access control software
Operating system event logging
User application hardening
User application selection
User application releases
Hardening user application configurations
- ism-1806
- ism-1470
- ism-1235
- ism-1667
- ism-1668
- ism-1669
- ism-1542
- ism-1859
- ism-1823
- ism-1486
- ism-1485
- ism-1666
- ism-1412
- ism-1585
- ism-1670
- ism-1860
- ism-1824
- ism-1601
- ism-1748
- ism-1825
Microsoft Office macros
Server application hardening
Server application selection
Server application releases
Hardening server application configurations
Restricting privileges for server applications
Microsoft Active Directory Domain Services domain controllers
Microsoft Active Directory Domain Services account hardening
- ism-1832
- ism-1833
- ism-1834
- ism-1835
- ism-1836
- ism-1837
- ism-1838
- ism-1839
- ism-1840
- ism-1841
- ism-1842
- ism-1843
- ism-1844
Microsoft Active Directory Domain Services security group memberships
Authentication hardening
Authenticating to systems
Insecure authentication methods
Multi-factor authentication
- ism-0974
- ism-1173
- ism-1504
- ism-1679
- ism-1680
- ism-1681
- ism-1505
- ism-1401
- ism-1682
- ism-1559
- ism-1560
- ism-1561
- ism-1683
- ism-1684
Single-factor authentication
Setting credentials for user accounts
Setting credentials for break glass accounts, local administrator accounts and service accounts
Changing credentials
Protecting credentials
Account lockouts
Session termination
Session and screen locking
Logon banner
Virtualisation hardening
Functional separation between computing environments